  1. #1

    Sarg generating a report with external IPs?

    I'm testing a server with squid/iptables/sarg, installed on Kubuntu...
    Everything is working fine; where I am there are 3 machines using the proxy server.
    So I believe only those 3 machines should be in the report, but the first page
    shows me a ton of external addresses, like 200.x.x.x.x, as if they were machines that accessed the internet through my proxy, and inside those links it shows other IP addresses
    with the status DENIED.
    Has anyone run into this?
    ==========================
    http_port 192.168.0.60:3128
    error_directory /usr/share/squid/errors/Portuguese
    cache_dir ufs /var/spool/squid/ 100 16 256
    hierarchy_stoplist cgi-bin
    acl QUERY urlpath_regex cgi-bin
    no_cache deny QUERY
    cache_mem 32 MB
    cache_access_log /var/log/squid/access.log

    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT
    acl rede_interna src 192.168.0.0/24

    acl proibidos url_regex -i "/etc/squid/proibidos"
    http_access deny proibidos

    http_access allow rede_interna
    http_access deny all

    icp_access allow rede_interna
    cache_mgr [email protected]
    visible_hostname Servidor_Linux_Squid/Iptables_Kubuntu
    logfile_rotate 10
    #======================================
    #Sarg.conf
    #======================================
    language Portuguese
    access_log /var/log/squid/access.log
    title "Squid - Relatorio de Acessos a internet"
    font_face Tahoma,Verdana,Arial
    header_color darkblue
    header_bgcolor blanchedalmond
    font_size 15px
    background_color white
    text_color #000000
    text_bgcolor lavender
    title_color green
    temporary_dir /tmp
    output_dir /var/www/squid-reports
    resolve_ip yes
    user_ip no
    topuser_sort_field BYTES reverse
    user_sort_field BYTES reverse
    exclude_users /etc/squid/sarg.users
    exclude_hosts /etc/squid/sarg.hosts
    date_format e
    lastlog 0
    remove_temp_files yes
    index yes
    index_tree file
    overwrite_report yes
    records_without_userid ip
    use_comma yes
    mail_utility mailx
    topsites_num 100
    topsites_sort_order CONNECT D
    index_sort_order D
    exclude_codes /etc/squid/sarg.exclude_codes
    max_elapsed 28800000
    downloads
    report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
    usertab /etc/squid/sarg.usertab
    long_url no
    date_time_by bytes
    charset Latin1
    show_read_statistics no
    topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
    user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
    topuser_num 0
    site_user_time_date_type table
    download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
    #======================================

    Thanks in advance!

  2. #2

    Hello

    In your firewall, allow access to port 3128 only for your local network.

    Use the DROP policy for INPUT and open only the ports you need. Example to open your proxy only to the local network:

    iptables -A INPUT -i eth1 -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 3128 -j ACCEPT

    Regards.

  3. #3

    acl all src 0.0.0.0/0.0.0.0

    Put your internal network in this rule; here that solved my problem.

    acl all src 0.0.0.0/0.0.0.0
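
An added example, not part of the thread and not the posters' code: a check over the Squid access.log that SARG reads, showing which client addresses fall outside the `rede_interna` range (192.168.0.0/24) from the posted squid.conf and which result codes they received. The log lines are constructed samples in Squid's native log format, and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Internal range taken from "acl rede_interna" in the posted squid.conf.
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/24")

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1286536309.450    179 192.168.0.61 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1286536311.020     12 192.168.0.62 TCP_HIT/200 2048 GET http://example.com/logo.png - NONE/- image/png
1286536312.700      0 203.0.113.7 TCP_DENIED/403 1450 GET http://example.org/ - NONE/- text/html
1286536313.150      0 203.0.113.7 TCP_DENIED/403 1452 CONNECT example.net:443 - NONE/- text/html
1286536314.900    230 192.168.0.63 TCP_MISS/200 900 GET http://example.com/a - DIRECT/192.0.2.10 text/html
1286536315.300      0 198.51.100.23 TCP_DENIED/403 1448 GET http://example.org/x - NONE/- text/html
"""


def summarize_clients(lines, internal=INTERNAL_NET):
    """Split clients into LAN and non-LAN; map each IP to its result-code counts."""
    inside, outside = {}, {}
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or truncated line
        try:
            client = ipaddress.ip_address(fields[2])
        except ValueError:
            continue  # client logged as a hostname, not an IP
        code = fields[3].split("/")[0]  # e.g. TCP_DENIED from TCP_DENIED/403
        bucket = inside if client in internal else outside
        bucket.setdefault(str(client), Counter())[code] += 1
    return inside, outside


def all_external_denied(outside):
    """True when no request from outside the LAN got anything but TCP_DENIED."""
    return all(set(codes) == {"TCP_DENIED"} for codes in outside.values())


if __name__ == "__main__":
    inside, outside = summarize_clients(SAMPLE_LOG.splitlines())
    print("LAN clients:", sorted(inside))
    for ip, codes in sorted(outside.items()):
        print("outside LAN:", ip, dict(codes))
    print("all outside requests denied:", all_external_denied(outside))
```

On a real server, pass the lines of `/var/log/squid/access.log` (the path set in the posted configuration) in place of `SAMPLE_LOG`.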